Unexpected Slack API calls indicating excessive downloads

ID: slack_excessive_downloads_anomaly
Data type: Slack
Severity: Low
MITRE ATT&CK: TA0010:T1567

Description

AlphaSOC detected an excessive_downloads event in Slack, indicating a user previewing or downloading an unusually high number of files. This behavior could signify a data exfiltration attempt by threat actors.

Impact

Unauthorized excessive file downloads from Slack can indicate potential data exfiltration. This can result in exposure of sensitive company information, intellectual property, or customer data.

Severity

Severity | Condition
Low | Unexpected Slack API calls indicating excessive downloads

Investigation and Remediation

Investigate the user account associated with the excessive downloads and the specific files downloaded. Verify whether the downloads were authorized. If they were unauthorized, reset the affected user's credentials and conduct a thorough security assessment.
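
One way to start that investigation is to pull the flagged user's file downloads from an export of Slack audit log entries. The script below is an added example, not AlphaSOC or Slack code. The entry layout (action, actor.user.id, entity.file, context.ip_address, details.reason, date_create) is an assumption modelled on the Slack Audit Logs API, and every sample record is constructed.

```python
# Added example: entry layout is assumed, all records below are constructed.
def _entry(ts, action, uid, ip, file=None, reason=None):
    """Build one constructed audit log entry in the assumed layout."""
    e = {"date_create": ts, "action": action,
         "actor": {"user": {"id": uid}}, "context": {"ip_address": ip}}
    if file:
        e["entity"] = {"file": {"id": file[0], "name": file[1]}}
    if reason:
        e["details"] = {"reason": reason}
    return e

SAMPLE_ENTRIES = [
    _entry(1700000000, "file_downloaded", "U0001", "198.51.100.7", ("F01", "roadmap.pdf")),
    _entry(1700000020, "file_downloaded", "U0001", "198.51.100.7", ("F02", "customers.csv")),
    _entry(1700000030, "file_downloaded", "U0002", "203.0.113.9", ("F09", "lunch.png")),
    _entry(1700000040, "file_downloaded", "U0001", "198.51.100.7", ("F02", "customers.csv")),
    _entry(1700000050, "anomaly", "U0001", "198.51.100.7", reason=["excessive_downloads"]),
    _entry(1700009000, "file_downloaded", "U0001", "192.0.2.4", ("F03", "later.txt")),
]

def triage(entries, window_s=3600):
    """For each excessive_downloads anomaly, summarise that actor's
    downloads in the window_s seconds leading up to the anomaly."""
    reports = []
    for a in entries:
        reasons = a.get("details", {}).get("reason", [])
        if a.get("action") != "anomaly" or "excessive_downloads" not in reasons:
            continue
        uid, t = a["actor"]["user"]["id"], a["date_create"]
        hits = [e for e in entries
                if e.get("action") == "file_downloaded"
                and e["actor"]["user"]["id"] == uid
                and t - window_s <= e["date_create"] <= t]
        # Distinct files touched, keyed by file id, for the authorization check.
        files = {e["entity"]["file"]["id"]: e["entity"]["file"]["name"] for e in hits}
        reports.append({"user": uid, "anomaly_time": t,
                        "download_events": len(hits), "files": files,
                        "source_ips": sorted({e["context"]["ip_address"] for e in hits})})
    return reports

if __name__ == "__main__":
    for report in triage(SAMPLE_ENTRIES):
        print(report)
```

The resulting file list and source IPs are what the account owner and the file owners need to confirm whether the downloads were authorized.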